Integration framework and user interface for embedding transfer services into applications

ABSTRACT

Techniques are disclosed for providing secure transaction functionality embedded into host applications executing on transaction client devices, using an integration framework and user interfaces. A transaction server may be configured to receive initial transaction sender and receiver data from an integrated software component executing within a host software application on a transaction client device. After receiving the initial transaction sender and receiver data from the integrated software component, the transaction server may determine transaction sender and transaction recipient locations, and may select a particular transaction user interface based on the sender and recipient location data. Particular transaction user interface also may be determined based on specific host applications. After determining the particular transaction user interface, the interface may be transmitted to the transaction client device, for example, via a content delivery network.

CROSS-REFERENCES TO RELATED APPLICATIONS

The present application is a continuation of U.S. patent applicationSer. No. 16/459,172, filed Jul. 1, 2019, now U.S. Pat. No. 11,258,875,which is a continuation of U.S. patent application Ser. No. 15/299,951,filed Oct. 21, 2016, now U.S. Pat. No. 10,367,905, which is anon-provisional of and claims priority to U.S. Provisional PatentApplication No. 62/244,745, filed Oct. 22, 2015, the entire contents ofeach of which are incorporated herein by reference for all purposes.

BACKGROUND Field

The present invention relates generally to receiving and handling securetransfers between devices at different locations or domains withinelectronic transfer networks.

Description of the Related Art

Within electronic data transfer networks, one or more central transferservers along with various intermediary computing infrastructure andcommunication networks may be used to initiate and perform securetransfers between sender devices and receiver devices. In some cases,sender devices and receiver devices for a requested transfer may operateat separate locations or domains with a larger transfer system, and thusmay have different networks and different subsets of available resourcesmay be available to the different devices within the requestedtransaction. Central transfer servers and other computing systems maydetermine and assign resources for performing requested transfers.Moreover, such transfer between different locations or domains may besubject to different rules with respect to risk and compliance dependingon sender and recipient locations.

SUMMARY

Aspects described herein providing secure transfers between transactionclient devices at different locations or domains within electronictransfer networks. Specifically, various techniques (e.g., systems,methods, computer-program products tangibly embodied in a non-transitorycomputer-readable storage medium, etc.) described herein relate toproviding secure transaction functionality embedded into a hostapplications executing on transaction client devices, using anintegration framework and user interfaces. In some embodiments, atransaction server may be configured to receive initial transaction data(e.g., transaction sender and receiver data) from an integrated softwarecomponent executing within a host software application on a transactionclient device (e.g., a mobile device). For example, a widget or otherspecialized software component configured to provide secure transactionsmay be embedded within a communication application, such as a messaging,gaming, or social networking application, executing on mobile device.After receiving the transaction sender and receiver data from theintegrated software component executing within the host application onthe client device, the transaction server may determine transactionsender and transaction recipient locations, and may select a particulartransaction user interface based on the sender and recipient locationdata. In some examples, the particular transaction user interface alsomay be determined based on the specific host application, thus providingsupport within the integration framework for providing integrated andsecure transaction user interfaces that are sender location and receiverlocation specific and/or partner specific.

Additional techniques are described herein for providing the particulartransaction user interface to the transaction client device. In someembodiments, the transaction server may upload a plurality oftransaction user interfaces to a content delivery network (CDN). In suchcases, the transaction server may provide a particular transaction userinterface determined for a particular transaction client, by identifyinga number of CDN servers hosting a current (e.g., not expired) version ofthe particular transaction user interface. The transaction server thenmay determine a particular CDN server based on geographic locationand/or other factors, and transmit a link that allows the integratedapplication to download the transaction user interface directly from theparticular CDN server. After receiving and rendering the particulartransaction user interface within the software component integratedwithin the host application, the integrated software component mayreceive input data via the transaction user interface and securelytransmit a corresponding transaction request to the transaction server.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram illustrating an example of an electronic datatransfer network, according to one or more embodiments of thedisclosure.

FIG. 2 is a block diagram illustrating various components and featuresof an example transaction client device, according to one or moreembodiments of the disclosure.

FIG. 3 is a block diagram illustrating a computer server and computingenvironment within an electronic data transfer network, according to oneor more embodiments of the disclosure.

FIG. 4 is a block diagram illustrating an embodiment of one or more datastore servers within an electronic data transfer network, according toone or more embodiments of the disclosure.

FIG. 5 is a block diagram illustrating an embodiment of one or morecontent management servers within an electronic data transfer network,according to one or more embodiments of the disclosure.

FIG. 6 is a block diagram illustrating the physical and logicalcomponents of a special-purpose computing device within an electronicdata transfer network, according to one or more embodiments of thedisclosure.

FIG. 7 is a block diagram illustrating an example system including atransaction integration framework, core transaction system, contentdelivery network, and a plurality of transaction client devices,according to one or more embodiments of the disclosure.

FIG. 8 is a block diagram illustrating an example system architectureand components of a transaction integration framework, according to oneor more embodiments of the disclosure.

FIG. 9 is a block diagram illustrating an example architecture of atransaction user interface authoring system, according to one or moreembodiments of the disclosure.

FIG. 10 is a flow diagram illustrating an example process of generatingand hosting a plurality of transaction user interfaces, according to oneor more embodiments of the disclosure.

FIG. 11 is a flow diagram illustrating an example process of determiningand providing a particular transaction user interface to a clientdevice, according to one or more embodiments of the disclosure.

FIG. 12 is an example swim lane diagram illustrating an example processof hosting transaction user interfaces, providing particular transactionuser interfaces to client devices, and supporting transaction requestsinitiated using the particular transaction user interfaces, according toone or more embodiments of the disclosure.

It is noted that any of the elements and/or steps provided in the blockdiagrams, flow diagrams, method diagrams, and other illustrations of thefigures may be optional, replaced, and/or include additional components,such as combined and/or replaced with other elements and/or steps fromother figures and text provided herein. Various embodiments of thepresent invention are discussed below, and various combinations ormodifications thereof may be contemplated.

DETAILED DESCRIPTION

The ensuing description provides illustrative embodiment(s) only and isnot intended to limit the scope, applicability or configuration of thedisclosure. Rather, the ensuing description of the illustrativeembodiment(s) will provide those skilled in the art with an enablingdescription for implementing a preferred exemplary embodiment. It isunderstood that various changes can be made in the function andarrangement of elements without departing from the spirit and scope asset forth in the appended claims.

Various techniques (e.g., systems, methods, computer-program productstangibly embodied in a non-transitory computer-readable storage medium,etc.) are described herein for providing secure transactionfunctionality embedded into a host applications executing on transactionclient devices, using an integration framework and user interfaces. Insome embodiments, a transaction server may be configured to receiveinitial transaction data (e.g., transaction sender and receiver data)from an integrated software component executing within a host softwareapplication on a transaction client device (e.g., a mobile device). Forexample, a widget or other specialized software component configured toprovide secure transactions may be embedded within a communicationapplication, such as a messaging, gaming, or social networkingapplication, executing on mobile device. After receiving the transactionsender and receiver data from the integrated software componentexecuting within the host application on the client device, thetransaction server may determine transaction sender and transactionrecipient locations, and may select a particular transaction userinterface based on the sender and recipient location data. In someexamples, the particular transaction user interface also may bedetermined based on the specific host application, thus providingsupport within the integration framework for providing integrated andsecure transaction user interfaces that are sender location and receiverlocation specific and/or partner specific.

Additional techniques are described herein for providing the particulartransaction user interface to the transaction client device. In someembodiments, the transaction server may upload a plurality oftransaction user interfaces to a content delivery network (CDN). In suchcases, the transaction server may provide a particular transaction userinterface determined for a particular transaction client, by identifyinga number of CDN servers hosting a current (e.g., not expired) version ofthe particular transaction user interface. The transaction server thenmay determine a particular CDN server based on geographic locationand/or other factors, and transmit a link that allows the integratedapplication to download the transaction user interface directly from theparticular CDN server. After receiving and rendering the particulartransaction user interface within the software component integratedwithin the host application, the integrated software component mayreceive input data via the transaction user interface and securelytransmit a corresponding transaction request to the transaction server.

With reference now to FIG. 1, a block diagram is shown illustratingvarious components of an electronic transfer network 100 whichimplements and supports certain embodiments and features describedherein. As discussed below in more detail, various embodiments ofelectronic transfer networks 100 may be implemented and configured toperform secure transactions via an integration framework and softwarecomponent embedded within host applications executing on client devices106. In some embodiments, the various computing devices and systemsshown in FIG. 1 may correspond to different physical or virtualdomains/regions, for instance, different geographic areas withindifferent jurisdictions, different data centers, different networks,different computing infrastructures, etc. As described herein, securetransactions (or secure transfers) may include transfers of variousdifferent types of data items (e.g., files, database records, media orother content resources, etc.), as well as other secure datatransactions or other interactions between a sender and receiverdevices/servers. In some embodiments, the electronic transfer network100 may be configured to operate as a value transfer system by whichusers at client devices 106 may initiate value transfers to users atother client devices 106. In such cases, management servers 102 and/orexternal systems 110 may correspond to secure systems operated byfinancial institutions or other entities, by which sender and receivercredentials and value transfer requests may be received and analyzed,and value-based transactions may be authorized and performed.

Thus, in various embodiments, electronic transfer network 100 may beconfigured to support and perform transfers of various currency types,including traditional and/or digital currencies, centralized and/orde-centralized currencies, cryptocurrencies, and any other medium ofexchange (e.g., credit, gift cards or certificates, points in a userpoint system, etc.), between client devices 106 and/or external systems110 in different areas, regions, or jurisdictions. In other embodiments,the electronic transfer network 100 may be configured to perform othertypes of multi-party data transfers and/or secure transactions, such astransfers of data items including secure files, records, and/or contentresources, between client devices 106 and other client devices 106,management servers 102 and/or external systems 110. For such transfers,the endpoint systems may be operating in the same location, using thesame communication networks 120, and/or using the same computinghardware and software infrastructure, or may operate in differentlocations, on different networks, and/or in different datacenters, etc.Data management servers 102 and relate servers (e.g., 104, 108, 112,114, 116, etc.) in some embodiments, may correspond to authenticationsystems, data access/permission systems, subscription monitor systems,network access providers, and/or any other servers that may be used tomonitor, permit/deny access, and/or enable data transfers. In stillother embodiments, network 100 may be implemented as part of interactivegaming systems, educational and profession training systems, and/orsocial network systems, to enable the transfer of certain data or values(e.g., points, credits, resources, etc.) between users on differentsystems and/or in different locations.

As shown in FIG. 1, electronic transfer network 100 may include one ormore data management servers 102. Data management servers 102 may be anydesired type of server including, for example, a rack server, a towerserver, a miniature server, a blade server, a mini rack server, a mobileserver, an ultra-dense server, a super server, or the like, and mayinclude various hardware components, for example, a motherboard, aprocessing units, memory systems, hard drives, network interfaces, powersupplies, etc. Data management servers 102 may include one or moreserver farms, clusters, or any other appropriate arrangement and/orcombination or computer servers. Data management servers 102 may actaccording to stored instructions located in a memory subsystem of theservers 102, and may run an operating system, including any commerciallyavailable server operating system and/or any other operating systemsdiscussed herein.

The electronic transfer network 100 may include one or more data storeservers 104, such as database servers and file-based storage systems.Data stores 104 may comprise stored data relevant to the functions ofthe electronic transfer network 100. Illustrative examples of datastores 104 that may be maintained in certain embodiments of theelectronic transfer network 100 are described below in reference to FIG.4. In some embodiments, multiple data stores may reside on a singleserver 104, either using the same storage components of server 104 orusing different physical storage components to assure data security andintegrity between data stores. In other embodiments, each data store mayhave a separate dedicated data store server 104.

Electronic transfer network 100 also may include one or more clientdevices 106. Client devices 106 may display data received via theelectronic transfer network 100, and may support various types of userinteractions with the data. Client devices 106 may include mobiledevices such as smartphones, tablet computers, personal digitalassistants, and wearable computing devices. Such mobile devices may runa variety of mobile operating systems, and may be enabled for Internet,e-mail, short message service (SMS), Bluetooth®, mobile radio-frequencyidentification (M-RFID), and/or other communication protocols. Otherclient devices 106 may be general purpose personal computers orspecial-purpose computing devices including, by way of example, personalcomputers, laptop computers, workstation computers, projection devices,and interactive room display systems. Additionally, client devices 106may be any other electronic devices, such as thin-client computers,Internet-enabled gaming systems, business or home appliances, and/orpersonal messaging devices, capable of communicating over network(s)120. In some embodiments, one or more client devices 106 may includedigital kiosk devices such as point-of-sale terminals, value transferterminals, and/or digital advertising or display devices, including someor all of the features described below in reference to FIG. 2.

In different contexts of electronic transfer networks 100, clientdevices 106 may correspond to different types of specialized devices,for example, employee devices and presentation devices in a companynetwork, gaming devices in a gaming network, networked point-of-saleterminals or digital advertising terminals in a retail network, etc. Insome embodiments, client devices 106 may operate in the same physicallocation, such as the conference room or same retail store location. Insuch cases, the devices 106 may contain components that support directcommunications with other nearby devices 106, such as a wirelesstransceivers and wireless communications interfaces, Ethernet sockets orother Local Area Network (LAN) interfaces, etc. In otherimplementations, the client devices 106 need not be used at the samephysical location, but may be used in remote geographic locations inwhich each client device 106 may use security features and/orspecialized hardware (e.g., hardware-accelerated SSL and HTTPS,WS-Security, firewalls, etc.) to communicate with the data managementserver 102 and/or other remotely located client devices 106.Additionally, different client devices 106 may be assigned differentdesignated roles, such as sender devices, receiver devices,administrator devices, or the like, and in such cases the differentdevices may be provided with additional hardware and/or softwarecomponents to provide content and support user capabilities notavailable to the other devices.

The electronic transfer network 100 also may include one or more proxyservers 108 configured to operate between a set of related clientdevices 106 and the back-end server(s) 102. In some cases, proxy server108 may maintain private user information for client devices 106interacting with applications or services hosted on other servers. Forexample, the proxy server 108 may be used to maintain private data of auser within one jurisdiction even though the user is accessing anapplication hosted on a server (e.g., the data management server 102)located outside the jurisdiction. In such cases, the proxy server 108may intercept communications between multiple different client devices106 and/or other devices that may include private user information. Theproxy server 108 may create a token or identifier that does not disclosethe private information and may use the token or identifier whencommunicating with the other servers and systems, instead of using theuser's private information.

The electronic transfer network 100 also may include one or moreexternal servers/systems 110 configured to connect to the back-endserver(s) 102 through various communication networks 120 and/or throughproxy servers 108. External servers/systems 110 may include some or allof the same physical and logical components as the data managementserver(s) 102, and may be configured to provide various data sourcesand/or services to the other components of the electronic transfernetwork 100.

As illustrated in FIG. 1, the data management server 102 may be incommunication with one or more additional servers, such as a contentserver 112, a user data server 112, and/or an administrator server 116.Each of these servers may include some or all of the same physical andlogical components as the data management server(s) 102, and in somecases, the hardware and software components of these servers 112-116 maybe incorporated into the data management server(s) 102, rather thanbeing implemented as separate computer servers.

Content server 112 may include hardware and software components togenerate, store, and maintain the content resources for distribution toclient devices 106 and other devices in the network 100. For example, inelectronic transfer networks 100 used for professional training andeducational purposes, content server 112 may include data stores oftraining materials, presentations, interactive programs and simulations,and various training interfaces that correspond to different materialsand/or different types of user devices 106. In content electronictransfer networks 100 used for distribution of media content,advertising, and the like, a content server 112 may include media andadvertising content files.

User data server 114 may include hardware and software components thatstore and process data for multiple users relating to each user'sactivities and usage of the electronic transfer network 100. Forexample, the data management server 102 may record and track each user'ssystem usage, including their client device 106, data accessed andtransferred, and interactions with other client devices 106. This datamay be stored and processed by the user data server 114, to support usertracking and analysis features. For instance, in business trainingcontexts, the user data server 114 may store and analyze each user'straining materials viewed, courses completed, interactions, and thelike. In the context of advertising, media distribution, and interactivegaming, the user data server 114 may store and process resource accessdata for multiple users (e.g., transactions initiated, sent, andreceived, data files accessed, access times, data usage amounts, userhistories, user devices and device types, etc.).

Administrator server 116 may include hardware and software components toinitiate various administrative functions at the data management server102 and other components within the content distribution network 100.For example, the administrator server 116 may monitor device status andperformance for the various servers, data stores, and/or client devices106 in the electronic transfer network 100. When necessary, theadministrator server 116 may add or remove devices from the network 100,and perform device maintenance such as providing software updates to thedevices in the network 100. Various administrative tools on theadministrator server 116 may allow authorized users to set user accesspermissions to various data resources, monitor resource usage by usersand devices 106, and perform analyses and generate reports on specificnetwork users and/or devices (e.g., resource usage tracking reports,training evaluations, etc.).

The electronic transfer network 100 may include one or morecommunication networks 120. Although two networks 120 are identified inFIG. 1, the electronic transfer network 100 may include any number ofdifferent communication networks between any of the computer servers anddevices shown in FIG. 1 and/or other devices described herein.Communication networks 120 may enable communication between the variouscomputing devices, servers, and other components of the electronictransfer network 100. As discussed below, various implementations ofelectronic transfer networks 100 may employ different types of networks120, for example, computer networks, telecommunications networks,wireless networks, and/or any combination of these and/or othernetworks.

As noted above, in certain embodiments, electronic transfer network 100may be a cryptocurrency network or other network using encryptionprotocols and techniques for performing transfers of cryptocurrencyand/or other alternative digital currencies. Illustrative andnon-limiting examples of such cryptocurrency networks may include abitcoin peer-to-peer (P2P) payment network, a Litecoin network, aPeercoin network, and various other private digital cryptocurrencynetworks. The various computing devices and servers in suchcryptocurrency networks 100, including client devices 106, managementservers 102, and/or external systems 110, may be configured to performcryptocurrency transfers as senders and/or receivers. For example, aclient device 106 may securely store a private cryptographic keyassociated with a cryptocurrency account of a user, and may usespecialized client software (e.g., cryptocurrency wallet application) togenerate digital cryptographic signatures using the privatecryptographic key and data identifying the details of the requestedcryptocurrency transfer. In some cases, the cryptocurrency clientapplication may execute a cryptographic hash function to generate a hashvalue signature based on the private key value associated with thecryptocurrency account. Recipient client devices 106, as well as otherservers/systems in the network 100, may use the public key of the senderto decrypt the cryptographic signature and verify the authenticity ofthe requested cryptocurrency transfer. Some or all of the client devices106, servers 102, and/or external systems 110 may use databases or othersecure storage to independently maintain and update electronic ledgersfor tracking the current balances associated with cryptocurrencyaccounts.

In some embodiments, certain computing devices and servers in acryptocurrency network 100 may function as miner systems that areconfigured to perform complex mathematical operations in order toproduce new cryptocurrency. Thus, various client devices 106, servers102, and/or external systems 110 may be implemented as cryptocurrencyminers. In some cases, these devices/systems may include specializedhardware and software designed for cryptocurrency mining, such asapplication-specific integrated circuits (ASICs) that are specificallydesigned and configured for cryptocurrency mining and/or specializedcryptocurrency mining software. In some cases, specializedcryptocurrency mining software may be used to allow collaborationbetween multiple different devices/systems which may function as amining pool.

In some embodiments, various computing devices and servers in acryptocurrency network 100 may be configured to collaboratively generateand store universal public ledgers and/or transaction chains for thecryptocurrency network 100. For example, computing devices and systemswithin the cryptocurrency network 100 may be configured to retrieveindividual cryptocurrency transactions from a pool and resolve thetransactions by solving associated mathematical problems, such ascryptographic hashes. After the problem is solved, the associatedcryptocurrency transaction may be added to a universal transaction chainwhich is shared by other devices and systems of the cryptocurrencynetwork 100. Each device/system in the cryptocurrency network 100 mayindependent maintain a copy of the transaction chain, and mayperiodically (or upon request from other systems) share their copy ofthe transaction chain in order to synchronize and reconcile differentversions.

In some embodiments, a transaction chain for a cryptocurrencysystem/network may be stored in a distributed database by multipledifferent data nodes at different devices/servers within the network100. For example, blockchain technology may be used to implement adecentralized distributed database which may be hosted by a combinationof client devices 106, data management servers 102, and/or externalsystems 110. The blockchain (or other decentralized storage system) maystore a distributed electronic ledger and/or universal transaction chainfor the cryptocurrency network 100. The blockchain may be accessed byindividual client software (e.g., wallet applications) of client devices106, which may propose a cryptocurrency value transfer to be added tothe blockchain. After analyzing and authorizing the requested transfer(e.g., by confirming that there is sufficient cryptocurrency value inthe sender's account), a miner node within the cryptocurrency network100 may bundle the transfer with other transactions to create a newblock to be added to the blockchain. In some cases, adding blocks to theblockchain may involve miner nodes repeatedly executing cryptographichash functions, ensuring that the blockchain cannot be tampered with byany malicious systems within the network 100.

As noted above, the client devices 106 in the electronic transfernetwork 100 may include various mobile devices, such as smartphones,tablet computers, personal digital assistants, wearable computingdevices, bodily implanted communication devices, vehicle-based devices,etc. Within an electronic transfer network 100, mobile devices 106 maybe configured to support mobile payment and/or mobile money transferfunctionality. Such mobile devices 106 may initiate and receivecommunications via the Internet, e-mail, short message service (SMS),Bluetooth®, mobile radio-frequency identification (M-RFID), near-fieldcommunication (NFC) and/or various other communication protocols. Insome cases, mobile devices 106 may execute a mobile wallet applicationto store user data and support secure data and/or value transfers viavarious different techniques, for example, SMS-based transactionalpayments, direct mobile billing, Web Application Protocol mobilepayments, and NFC-based payments.

In some examples, the electronic transfer network 100 shown in FIG. 1may correspond to an interactive user platform, such as a socialnetworking platform, messaging platform, and/or gaming platform. In suchcases, an electronic transfer technology platform may be integratedwithin the social networking, messaging and/or gaming platform 100, inorder to provide interactive users with the capabilities to performquick and convenient value transfers with other users anywhere in theworld. Such embodiments may apply to various different collaborativeuser platforms and applications, including social media applications,email applications, chat and messaging applications, online gamingapplications, and the like. These applications may be executed on clientdevices 106 and may transmit communications to and/or establishcommunication sessions with corresponding applications on other clientdevices 106 and/or external systems 110. In some embodiments, the securedata and/or value transfer capabilities of one or more transfer servicesproviders may be embedded into various collaborative user platforms. Forexample, from within a social networking or messaging applicationrunning on client device 106, a user may be able to request and fundvalue transfers utilizing a debit card, credit card, or bank account,and easily direct the funds to another user on the same collaborativeplatform, or to retail agent location and/or to a mobile wallet or bankaccount. Integration of secure value transfer technologies within socialnetworking applications, messaging applications, and the like, mayprovide a cross-border platform for transfer services that enablespay-in and pay-out capabilities that leverage technology, foreignexchange conversion, data management, as well as regulatory, complianceand anti-money laundering (AML) infrastructure of the transfer serviceprovider, to expedite efficient and timely transfers. In such cases, thetechnology platform used to support secure data and/or value transferswithin the network 100 may be accessible to messaging, social, and otherdigital networks, and may offer a suite of APIs built on a highlyscalable infrastructure, enabling fast deployment of domestic andcross-border remittance capabilities.

Referring now to FIG. 2, a simplified block diagram is illustratingshowing a digital kiosk device 206. In some embodiments, digital kioskdevices 206 may be another example of client devices 106. The digitalkiosk device 206 may be implemented, for example, as a kiosk in a retailstore, a value transfer terminal for performing value transfers (e.g.,transfers of money and other assets, submitting payments to payees,etc.), a point-of-sale terminal, an electronic advertising system,and/or other various electronic display systems. The digital kioskdevice 206 may be operated by a user (e.g., customer, shopper), and/orby agent, employee, or representative of a business providing oroperating the kiosk 206. In various embodiments, the digital kioskdevice 206 may include one or more of: a memory system 210, a processingunit 211, a telephone/microphone I/O component system 212, aprinter/scanner I/O component system 213, an audio speaker system 214, akeypad input device 215, an imaging interface device 216, one or moredigital display screens 217, one or more network interface devices 218(e.g., network interface controllers, RF transceivers, etc.), and adigital positioning system 219 (e.g., Global Positioning System (GPS)receiver device). In various embodiments, digital kiosk devices 206 mayinclude a touch screen that functions as the display screen 217 and/orthe keypad 215. The keypad 215 may instead be any device that acceptsuser input, such as a trackball, mouse, or joystick. The imaginginterface device 216 may serve to allow the digital kiosk device 206 tocommunicate with an imaging device. Alternatively, an imaging device maybe directly incorporated into the digital kiosk device 206. Speakers 214may be any audio output device. The printer 213 may be used to providethe user a receipt, point-of-sale information (e.g., productinformation, order confirmation, etc.), coupon, advertisement, or otherinformation to be taken with the user, and scanner 213 may be used toscan a QR Code or barcode identifying a user or transaction, transferrequest, user identification card, coupon, or the like. In someembodiments, a telephone/microphone 212 may be used in conjunction withspeakers 214 to interact with the digital kiosk device 206, or aremotely located user (e.g., counterpart user in a transaction, customerrepresentative, etc.) when performing a transfer or requestinginformation. Digital kiosk devices 206 may include various differenttypes of digital position systems 219 (or geo-location systems 219),such as a Global Positioning System (GPS) receiver, so that kiosklocation data may be collected and returned to data management servers102 and/or other client devices 106. In some cases, such kiosk locationdata may be used to determine which content a specific digital kioskdevice 206 is permitted to receive (e.g., based on domain/jurisdiction),and also may be used to determine factors such as language, dataavailability, network availability, product availability, and the like.

With reference to FIG. 3, an illustrative distributed computingenvironment 300 is shown including a computer server 302, four clientcomputing devices 306, and other components that may implement certainembodiments and features described herein. In some embodiments, theserver 302 may correspond to the data management server 102 discussedabove in FIG. 1, and the client computing devices 306 may correspond tothe client devices 106 and/or 206. However, the computing environment300 illustrated in FIG. 3 also may correspond to any other combinationof devices and servers configured to implement a client-server model orother distributed computing architecture.

Client devices 306 may be configured to receive and execute clientapplications over one or more networks 320. Such client applications maybe web browser based applications and/or standalone softwareapplications, such as mobile device applications. Server 302 may becommunicatively coupled with the client devices 306 via one or morecommunication networks 220. Client devices 306 may receive clientapplications from server 302 or from other application providers (e.g.,public or private application stores). Server 302 may be configured torun one or more server software applications or services, for example,web-based or cloud-based services, to support content distribution andinteraction with client devices 306. Users operating client devices 306may in turn utilize one or more client applications (e.g., virtualclient applications) to interact with server 302 to utilize the servicesprovided by these components.

Various different subsystems and/or components 304 may be implemented onserver 302. Users operating the client devices 306 may initiate one ormore client applications to use services provided by these subsystemsand components. The subsystems and components within the server 302 andclient devices 306 may be implemented in hardware, firmware, software,or combinations thereof. Various different system configurations arepossible in different distributed computing systems 300 and electronictransfer networks 100. The embodiment shown in FIG. 3 is thus oneexample of a distributed computing system and is not intended to belimiting.

Although exemplary computing environment 300 is shown with four clientcomputing devices 306, any number of client computing devices may besupported. Such client 306 may include digital kiosk devices includingsome or all of the features described below in reference to FIG. 2.Other devices, such as specialized sensor devices, etc., may interactwith client devices 306 and/or server 302.

As shown in FIG. 3, various security and integration components 308 maybe used to send and manage communications between the server 302 anduser devices 306 over one or more communication networks 320. Thesecurity and integration components 308 may include separate servers,such as web servers and/or authentication servers, and/or specializednetworking components, such as firewalls, routers, gateways, loadbalancers, and the like. In some cases, the security and integrationcomponents 308 may correspond to a set of dedicated hardware and/orsoftware operating at the same physical location and under the controlof same entities as server 302. For example, components 308 may includeone or more dedicated web servers and network hardware in a datacenteror a cloud infrastructure. In other examples, the security andintegration components 308 may correspond to separate hardware andsoftware components which may be operated at a separate physicallocation and/or by a separate entity.

Security and integration components 308 may implement various securityfeatures for data transmission and storage, such as authenticating usersand restricting access to unknown or unauthorized users. In variousimplementations, security and integration components 308 may provide,for example, a file-based integration scheme or a service-basedintegration scheme for transmitting data between the various devices inthe electronic transfer network 100. Security and integration components308 also may use secure data transmission protocols and/or encryptionfor data transfers, for example, File Transfer Protocol (FTP), SecureFile Transfer Protocol (SFTP), and/or Pretty Good Privacy (PGP)encryption.

In some embodiments, one or more web services may be implemented withinthe security and integration components 308 and/or elsewhere within theelectronic transfer network 100. Such web services, includingcross-domain and/or cross-platform web services, may be developed forenterprise use in accordance with various web service standards, such asRESTful web services (i.e., services based on the Representation StateTransfer (REST) architectural style and constraints), and/or webservices designed in accordance with the Web Service Interoperability(WS-I) guidelines. Some web services may use the Secure Sockets Layer(SSL) or Transport Layer Security (TLS) protocol to provide secureconnections between the server 302 and client devices 306. SSL or TLSmay use HTTP or HTTPS to provide authentication and confidentiality. Inother examples, web services may be implemented using REST over HTTPSwith the OAuth open standard for authentication, or using theWS-Security standard which provides for secure SOAP messages using XMLencryption. In other examples, the security and integration components308 may include specialized hardware for providing secure web services.For example, security and integration components 308 may include securenetwork appliances having built-in features such as hardware-acceleratedSSL and HTTPS, WS-Security, and firewalls. Such specialized hardware maybe installed and configured in front of any web servers, so that anyexternal devices may communicate directly with the specialized hardware.

Communication network(s) 320 may be any type of network familiar tothose skilled in the art that can support data communications using anyof a variety of commercially-available protocols, including withoutlimitation, TCP/IP (transmission control protocol/Internet protocol),SNA (systems network architecture), IPX (Internet packet exchange),Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols,Hyper Text Transfer Protocol (HTTP) and Secure Hyper Text TransferProtocol (HTTPS), Bluetooth®, Near Field Communication (NFC), and thelike. Merely by way of example, network(s) 320 may be local areanetworks (LAN), such as one based on Ethernet, Token-Ring and/or thelike. Network(s) 320 also may be wide-area networks, such as theInternet. Networks 320 may include telecommunication networks such as apublic switched telephone networks (PSTNs), or virtual networks such asan intranet or an extranet. Infrared and wireless networks (e.g., usingthe Institute of Electrical and Electronics (IEEE) 802.11 protocol suiteor other wireless protocols) also may be included in networks 320.

Computing environment 300 also may include one or more data stores 310and/or back-end servers 312. In certain examples, the data stores 310may correspond to data store server(s) 104 discussed above in FIG. 1,and back-end servers 312 may correspond to the various back-end servers110-116. Data stores 310 and servers 312 may reside in the samedatacenter or may operate at a remote location from server 302. In somecases, one or more data stores 310 may reside on a non-transitorystorage medium within the server 302. Other data stores 310 and back-endservers 312 may be remote from server 302 and configured to communicatewith server 302 via one or more networks 320. In certain embodiments,data stores 310 and back-end servers 312 may reside in a storage-areanetwork (SAN), or may use a storage-as-a-service (STaaS) architecturalmodel.

With reference to FIG. 4, an illustrative set of data stores and/or datastore servers is shown, corresponding to the data store servers 104 ofthe electronic transfer network 100 discussed above in FIG. 1. One ormore individual data stores 411-415 may reside in storage on a singlecomputer server 104 (or a single server farm or cluster) under thecontrol of a single entity, or may reside on separate servers operatedby different entities and/or at remote locations. In some embodiments,data stores 411-415 may be accessed by the data management server 102and/or other devices and servers within the network 100 (e.g., clientdevices 106, external systems 110, administrator servers 116, etc.).Access to one or more of the data stores 411-415 may be limited ordenied based on the processes, user credentials, and/or devicesattempting to interact with the data store.

The paragraphs below describe examples of specific data stores that maybe implemented within some embodiments of an electronic transfer network100. It should be understood that the below descriptions of data stores411-415, including their functionality and types of data stored therein,are illustrative and non-limiting. Data stores server architecture,design, and the execution of specific data stores 411-415 may depend onthe context, size, and functional requirements of an electronic transfernetwork 100. For example, in a secure data transfer systems 100 used forprofessional training, separate databases or file-based storage systemsmay be implemented in data store server(s) 104 to store trainee and/ortrainer data, training module data and content descriptions, trainingresults, evaluation data, and the like. In contrast, in electronictransfer systems 100 used to provide electronic advertising or othercontent from content providers to client devices, separate data storesmay be implemented in data stores server(s) 104 to store listings ofavailable content and descriptions, content usage statistics, clientdevice profiles, account data, network usage statistics, etc.

A user profile data store 411 may include information relating to theend users within the electronic transfer network 100. This informationmay include user characteristics such as the user names, accesscredentials (e.g., logins and passwords), user preferences, andinformation relating to any previous user interactions within theelectronic transfer network 100 (e.g., requested data, provided data,system usage data/statistics, associated users, etc.).

An accounts data store 412 may generate and store account data fordifferent users in various roles within the electronic transfer network100. For example, accounts may be created in an accounts data store 412for individual end users, administrator users, and external entitiessuch as businesses, governmental or educational institutions. Accountdata may include account types, current account status, accountcharacteristics, and any parameters, limits, restrictions associatedwith the accounts.

A content/security credential data store 413 may include access rightsand security information for the electronic transfer network 100 andspecific files/content resources. For example, the content/securitycredential data store 413 may include login information (e.g., useridentifiers, logins, passwords, etc.) that can be verified during loginattempts by users and/or client devices 106 to the network 100. Thecontent/security credential data store 413 also may be used to storeassigned user roles and/or user levels of access. For example, a user'saccess level may correspond to the sets of data and/or the client orserver applications that the user is permitted to access. Certain usersand/or client devices may be permitted or denied access to certainapplications and resources based on their access level, subscriptionlevel, etc. Certain users and/or client devices 106 may have supervisoryaccess over one or more end users accounts and/or other client devices106, allowing the supervisor to access all or portions of the user'scontent access, activities, etc. Additionally, certain users and/orclient devices 106 may have administrative access over some users and/orsome applications in the electronic transfer network 100, allowing suchusers to add and remove user accounts, modify user access permissions,perform maintenance updates on software and servers, etc.

A content library data store 414 may include information describing theindividual data items (or resources) available via the electronictransfer network 100. In some embodiments, the content data store 414may include metadata, properties, and other characteristics associatedwith the data items stored in the content server 112. Such data mayidentify one or more aspects or attributes of the associated data items,for example, subject matter or access level of the content resources,license attributes of the data items (e.g., any limitations and/orrestrictions on the licensable use and/or distribution of the dataitems), price attributes of the data items (e.g., a price and/or pricestructure for determining a payment amount for use or distribution ofthe data items), language and geographic associations with the dataitems, and the like. In some embodiments, the content data store 414 maybe configured to allow updating of data item metadata or properties, andto allow the addition and/or removal of information relating to the dataitems. For example, item relationships may be implemented as graphstructures, which may be stored in the content data store 414 or in anadditional data store for use by selection algorithms along with theother metadata.

In addition to the illustrative data stores described above, data storeserver(s) 104 (e.g., database servers, file-based storage servers, etc.)may include one or more external data aggregators 415. External dataaggregators 415 may include third-party data sources accessible to theelectronic transfer network 100, but not maintained by the electronictransfer network 100. External data aggregators 415 may include anyelectronic information source relating to the users, data items, orapplications of the electronic transfer network 100. For example,external data aggregators 415 may be third-party data stores containingdemographic data, education related data, financial data, consumer salesdata, health related data, and the like. Illustrative external dataaggregators 415 may include, for example, social networking web servers,public records data stores, educational institution servers, businessservers, consumer sales data stores, medical record data stores, etc.Data retrieved from various external data aggregators 415 may be used toverify and update user account information, suggest or select usercontent, and perform user and content evaluations. In some cases,external data aggregators 415 may correspond to external servers/systems110.

With reference now to FIG. 5, a block diagram is shown illustrating anembodiment of one or more data management servers 102 within anelectronic transfer network 100. As discussed above, data managementserver(s) 102 may include various server hardware and softwarecomponents that manage the content resources within the electronictransfer network 100 and provide interactive and adaptive content tousers on various client devices 106. For example, data managementserver(s) 102 may provide instructions to and receive information fromthe other devices within the electronic transfer network 100, in orderto manage and transmit data resources, user data, and server or clientapplications executing within the network 100.

A data management server 102 may include a data customization system502. The data customization system 502 may be implemented usingdedicated hardware within the electronic transfer network 100 (e.g., adata customization server 502), or using designated hardware andsoftware resources within a shared data management server 102. In someembodiments, the data customization system 502 may adjust the selectionand adaptive capabilities of data resources to match the needs anddesires of the users and/or client devices 106 receiving the content.For example, the data customization system 502 may query various datastores and servers 104 to retrieve user information, such as userpreferences and characteristics (e.g., from a user profile data store411), location/geographic information associated with users and/orclient devices 106, user access restrictions to data recourses (e.g.,from an access credential data store 413), previous user activity withinthe network 100, and the like. Based on the retrieved information fromdata stores 104 and other data sources, the data customization system502 may modify content resources for individual users and/or individualclient devices 106.

A data management server 102 also may include a user management system504. The user management system 504 may be implemented using dedicatedhardware within the electronic transfer network 100 (e.g., a usermanagement server 504), or using designated hardware and softwareresources within a shared data management server 102. In someembodiments, the user management system 504 may monitor the activitiesof users and/or user devices 106 with respect to various data resources.For example, the user management system 504 may query one or moredatabases and/or data store servers 104 to retrieve user data such asassociated data resources, access and completion status, results, andthe like.

A data management server 102 also may include an evaluation system 506.The evaluation system 506 may be implemented using dedicated hardwarewithin the electronic transfer network 100 (e.g., an evaluation server506), or using designated hardware and software resources within ashared data management server 102. The evaluation system 506 may beconfigured to receive and analyze information from client devices 106.For example, various data received by users via client devices 106 maybe compiled and analyzed, and then stored in a data store 104 associatedwith the user and/or data item. In some embodiments, the evaluationserver 506 may analyze the information to determine the effectiveness orappropriateness of data resources with a user or user group, forexample, based on subject matter, age group, skill level, or the like.In some embodiments, the evaluation system 506 may provide updates tothe data customization system 502 or the user management system 504,with the attributes of one or more data resources or groups of resourceswithin the network 100.

A data management server 102 also may include a data delivery system508. The data delivery system 508 may be implemented using dedicatedhardware within the electronic transfer network 100 (e.g., a datadelivery server 508), or using designated hardware and softwareresources within a shared data management server 102. The data deliverysystem 508 may receive data from the data customization system 502and/or from the user management system 504, and transmit the resourcesto client devices 106. In some embodiments, the data delivery system 508may determine the appropriate presentation format for the data resourcesbased on the user characteristics and preferences, and/or the devicecapabilities of client devices 106. If needed, the data delivery system508 may convert the content resources to the appropriate presentationformat and/or compress the content before transmission. In someembodiments, the data delivery system 508 may also determine theappropriate transmission media and communication protocols fortransmission of the data to and from client devices 106.

In some embodiments, the data delivery system 508 may includespecialized security and integration hardware 510, along withcorresponding software components to implement the appropriate securityfeatures for data transmission and storage, to provide the supportednetwork and client access models, and to support the performance andscalability requirements of the network 100. The security andintegration layer 510 may include some or all of the security andintegration components 308 discussed above in FIG. 3, and may controlthe transmission of data, as well as the receipt of requests and datainteractions, to and from the client devices 106, external servers 110,administrative servers 116, and other devices in the network 100.

With reference now to FIG. 6, a block diagram of an illustrativecomputer system is shown. The system 600 may correspond to any of thecomputing devices or servers of the electronic transfer network 100described above, or any other computing devices described herein. Inthis example, computer system 600 includes processing units 604 thatcommunicate with a number of peripheral subsystems via a bus subsystem602. These peripheral subsystems include, for example, a storagesubsystem 610, an I/O subsystem 626, and a communications subsystem 632.

Bus subsystem 602 provides a mechanism for letting the variouscomponents and subsystems of computer system 600 communicate with eachother as intended. Although bus subsystem 602 is shown schematically asa single bus, alternative embodiments of the bus subsystem may utilizemultiple buses. Bus subsystem 602 may be any of several types of busstructures including a memory bus or memory controller, a peripheralbus, and a local bus using any of a variety of bus architectures. Sucharchitectures may include, for example, an Industry StandardArchitecture (ISA) bus, Micro Channel Architecture (MCA) bus, EnhancedISA (EISA) bus, Video Electronics Standards Association (VESA) localbus, and Peripheral Component Interconnect (PCI) bus, which can beimplemented as a Mezzanine bus manufactured to the IEEE P1386.1standard.

Processing unit 604, which may be implemented as one or more integratedcircuits (e.g., a conventional microprocessor or microcontroller),controls the operation of computer system 600. One or more processors,including single core and/or multicore processors, may be included inprocessing unit 604. As shown in the figure, processing unit 604 may beimplemented as one or more independent processing units 606 and/or 608with single or multicore processors and processor caches included ineach processing unit. In other embodiments, processing unit 604 may alsobe implemented as a quad-core processing unit or larger multicoredesigns (e.g., hexa-core processors, octo-core processors, ten-coreprocessors, or greater. As discussed above, in some cases, processingunit 604 may include one or more specialized ASICs designed andconfigured for cryptocurrency mining and/or specialized cryptographichardware for handling cryptocurrency transactions.

Processing unit 604 may execute a variety of software processes embodiedin program code, and may maintain multiple concurrently executingprograms or processes. At any given time, some or all of the programcode to be executed can be resident in processor(s) 604 and/or instorage subsystem 610. In some embodiments, computer system 600 mayinclude one or more specialized processors, such as digital signalprocessors (DSPs), outboard processors, graphics processors,application-specific processors, and/or the like.

I/O subsystem 626 may include device controllers 628 for one or moreuser interface input devices and/or user interface output devices 630.User interface input and output devices 630 may be integral with thecomputer system 600 (e.g., integrated audio/video systems, and/ortouchscreen displays), or may be separate peripheral devices which areattachable/detachable from the computer system 600.

Input devices 630 may include a keyboard, pointing devices such as amouse or trackball, a touchpad or touch screen incorporated into adisplay, a scroll wheel, a click wheel, a dial, a button, a switch, akeypad, audio input devices with voice command recognition systems,microphones, and other types of input devices. Input devices 630 mayalso include three dimensional (3D) mice, joysticks or pointing sticks,gamepads and graphic tablets, and audio/visual devices such as speakers,digital cameras, digital camcorders, portable media players, webcams,image scanners, fingerprint scanners, barcode reader 3D scanners, 3Dprinters, laser rangefinders, and eye gaze tracking devices. Additionalinput devices 630 may include, for example, motion sensing and/orgesture recognition devices that enable users to control and interactwith an input device through a natural user interface using gestures andspoken commands, eye gesture recognition devices that detect eyeactivity from users and transform the eye gestures as input into aninput device, voice recognition sensing devices that enable users tointeract with voice recognition systems through voice commands, medicalimaging input devices, MIDI keyboards, digital musical instruments, andthe like.

Output devices 630 may include one or more display subsystems, indicatorlights, or non-visual displays such as audio output devices, etc.Display subsystems may include, for example, cathode ray tube (CRT)displays, flat-panel devices, such as those using a liquid crystaldisplay (LCD) or plasma display, light-emitting diode (LED) displays,projection devices, touch screens, and the like. In general, use of theterm “output device” is intended to include all possible types ofdevices and mechanisms for outputting information from computer system600 to a user or other computer. For example, output devices 630 mayinclude, without limitation, a variety of display devices that visuallyconvey text, graphics and audio/video information such as monitors,printers, speakers, headphones, automotive navigation systems, plotters,voice output devices, and modems.

Computer system 600 may comprise one or more storage subsystems 610,comprising hardware and software components used for storing data andprogram instructions, such as system memory 618 and computer-readablestorage media 616. The system memory 618 and/or computer-readablestorage media 616 may store program instructions that are loadable andexecutable on processing units 604, as well as data generated during theexecution of these programs.

Depending on the configuration and type of computer system 600, systemmemory 618 may be stored in volatile memory (such as random accessmemory (RAM) 612) and/or in non-volatile storage drives 614 (such asread-only memory (ROM), flash memory, etc.) The RAM 612 may contain dataand/or program modules that are immediately accessible to and/orpresently being operated and executed by processing units 604. In someimplementations, system memory 618 may include multiple different typesof memory, such as static random access memory (SRAM) or dynamic randomaccess memory (DRAM). In some implementations, a basic input/outputsystem (BIOS), containing the basic routines that help to transferinformation between elements within computer system 600, such as duringstart-up, may typically be stored in the non-volatile storage drives614. By way of example, and not limitation, system memory 618 mayinclude application programs 620, such as client applications, Webbrowsers, mid-tier applications, server applications, etc., program data622, and an operating system 624.

Storage subsystem 610 also may provide one or more tangiblecomputer-readable storage media 616 for storing the basic programmingand data constructs that provide the functionality of some embodiments.Software (programs, code modules, instructions) that when executed by aprocessor provide the functionality described herein may be stored instorage subsystem 610. These software modules or instructions may beexecuted by processing units 604. Storage subsystem 610 may also providea repository for storing data used in accordance with the presentinvention.

Storage subsystem 610 may also include a computer-readable storage mediareader that can further be connected to computer-readable storage media616. Together and, optionally, in combination with system memory 618,computer-readable storage media 616 may comprehensively representremote, local, fixed, and/or removable storage devices plus storagemedia for temporarily and/or more permanently containing, storing,transmitting, and retrieving computer-readable information.

Computer-readable storage media 616 containing program code, or portionsof program code, may include any appropriate media known or used in theart, including storage media and communication media, such as but notlimited to, volatile and non-volatile, removable and non-removable mediaimplemented in any method or technology for storage and/or transmissionof information. This can include tangible computer-readable storagemedia such as RAM, ROM, electronically erasable programmable ROM(EEPROM), flash memory or other memory technology, CD-ROM, digitalversatile disk (DVD), or other optical storage, magnetic cassettes,magnetic tape, magnetic disk storage or other magnetic storage devices,or other tangible computer readable media. This can also includenontangible computer-readable media, such as data signals, datatransmissions, or any other medium which can be used to transmit thedesired information and which can be accessed by computer system 600.

By way of example, computer-readable storage media 616 may include ahard disk drive that reads from or writes to non-removable, nonvolatilemagnetic media, a magnetic disk drive that reads from or writes to aremovable, nonvolatile magnetic disk, and an optical disk drive thatreads from or writes to a removable, nonvolatile optical disk such as aCD ROM, DVD, and Blu-Ray® disk, or other optical media.Computer-readable storage media 616 may include, but is not limited to,Zip® drives, flash memory cards, universal serial bus (USB) flashdrives, secure digital (SD) cards, DVD disks, digital video tape, andthe like. Computer-readable storage media 616 may also include,solid-state drives (SSD) based on non-volatile memory such asflash-memory based SSDs, enterprise flash drives, solid state ROM, andthe like, SSDs based on volatile memory such as solid state RAM, dynamicRAM, static RAM, DRAM-based SSDs, magnetoresistive RAM (MRAM) SSDs, andhybrid SSDs that use a combination of DRAM and flash memory based SSDs.The disk drives and their associated computer-readable media may providenon-volatile storage of computer-readable instructions, data structures,program modules, and other data for computer system 600.

Communications subsystem 632 may provide a communication interface fromcomputer system 600 and external computing devices via one or morecommunication networks, including local area networks (LANs), wide areanetworks (WANs) (e.g., the Internet), and various wirelesstelecommunications networks. As illustrated in FIG. 6, thecommunications subsystem 632 may include, for example, one or morenetwork interface controllers (NICs) 634, such as Ethernet cards,Asynchronous Transfer Mode NICs, Token Ring NICs, and the like, as wellas one or more wireless communications interfaces 636, such as wirelessnetwork interface controllers (WNICs), wireless network adapters, andthe like. Additionally and/or alternatively, the communicationssubsystem 632 may include one or more modems (telephone, satellite,cable, ISDN), synchronous or asynchronous digital subscriber line (DSL)units, FireWire® interfaces, USB® interfaces, and the like.Communications subsystem 636 also may include radio frequency (RF)transceiver components for accessing wireless voice and/or data networks(e.g., using cellular telephone technology, advanced data networktechnology, such as 3G, 4G or EDGE (enhanced data rates for globalevolution), WiFi (IEEE 802.11 family standards, or other mobilecommunication technologies, or any combination thereof), globalpositioning system (GPS) receiver components, and/or other components.

The various physical components of the communications subsystem 632 maybe detachable components coupled to the computer system 600 via acomputer network, a FireWire® bus, or the like, and/or may be physicallyintegrated onto a motherboard of the computer system 600. Communicationssubsystem 632 also may be implemented in whole or in part by software.

In some embodiments, communications subsystem 632 may also receive inputcommunication in the form of structured and/or unstructured data feeds,event streams, event updates, and the like, on behalf of one or moreusers who may use or access computer system 600. For example,communications subsystem 632 may be configured to receive data feeds inreal-time from users of social networks and/or other communicationservices, web feeds such as Rich Site Summary (RSS) feeds, and/orreal-time updates from one or more third party information sources(e.g., data aggregators 309). Additionally, communications subsystem 632may be configured to receive data in the form of continuous datastreams, which may include event streams of real-time events and/orevent updates (e.g., sensor data applications, financial tickers,network performance measuring tools, clickstream analysis tools,automobile traffic monitoring, etc.). Communications subsystem 632 mayoutput such structured and/or unstructured data feeds, event streams,event updates, and the like to one or more data stores 104 that may bein communication with one or more streaming data source computerscoupled to computer system 600.

Due to the ever-changing nature of computers and networks, thedescription of computer system 600 depicted in the figure is intendedonly as a specific example. Many other configurations having more orfewer components than the system depicted in the figure are possible.For example, customized hardware might also be used and/or particularelements might be implemented in hardware, firmware, software, or acombination. Further, connection to other computing devices, such asnetwork input/output devices, may be employed. Based on the disclosureand teachings provided herein, a person of ordinary skill in the artwill appreciate other ways and/or methods to implement the variousembodiments.

With reference now to FIG. 7, a block diagram is shown illustrating anexample integration framework and user interface system 700, which maybe configured to provide secure transaction functionality embeddedwithin host applications executing on transaction client devices. Inthis example, system 700 includes a transaction integration framework710, a content delivery network 720, a plurality of transaction clientdevices 730 a-730 c (which collectively and/or individually may bereferred to as client device(s) 730), and a core transaction system 740.As discussed below in more detail, integration framework 710 and/orclient devices 730 may include a number of subsystems (e.g., services,processing engines, servers, applications, etc.) configured to embedsecure transaction functionality within host applications 731 executingon transaction client devices. For example, specialized softwarecomponents 732 (e.g., widgets) may be integrated into and invoked fromwithin host applications 731. These embedded software components 732 maybe configured to transmit initial transaction data (e.g., sender andreceiver data, location data, host application data, etc.) to thetransaction integration framework 710. In response, the transactionintegration framework 710 may determine a particular transaction userinterface to be embedded within the host application 731, and mayprovide the particular transaction user interface to the integratedsoftware component 732. From there, the software component 732 mayrender the transaction user interface within the host application 731,allowing the user to initiate a transaction request that may be securelytransmitted to and processed by the transaction integration framework,using core transaction systems 740. Thus, the transaction request may beinitiated using the appropriate set of input data received via theparticularly selected transaction user interface, which may be senderlocation and/or receiver location specific, and/or may be partnerspecific.

Transaction client devices 730 may include any types of computingdevices discussed above in connection with user devices 106, 206, 600,etc. For example, one or more transaction client devices 730 may includedesktop computers, servers, television set-top boxes, and home gamingsystems, while other client devices 730 may include various mobiledevices such as laptop computers, tablet computers, smart phones, smartwatches, wearable computing devices, and vehicle-based computingsystems. Each client device 730 may include some or all of thecomponents of device 600, discussed above. However, it should beunderstood that these examples of user device architectures areillustrative and non-limiting, and that different configurations ofhardware, software, and network components may be used in different userdevices.

The host applications 731 executing on the transaction client device 730may include, for example, messaging applications, social networkingapplication, gaming applications, electronic mail client applications,online merchant client applications, and other types of interactive orcollaborative user software applications. In some embodiments, thetransactions initiated within the host applications 731 may be fundstransfers between current users of the host application 731, such as thetransfers between current parties of a messaging conversation, users ofa social networking application, users within a collaborative gamingenvironment, etc. For instance, a user interacting with the hostapplication 731 may select an option within the host application 731 toinitiate a payment to or request a payment from a different user via thehost application 731. The selection of such an option within the hostapplication 731 may invoke the integrated software component 732,causing the component 732 to retrieve initial transaction data (e.g.,sender data, receiver data, location data, transaction type data, hostapplication data, etc.) and transmit the initial transaction data to theintegration platform 710.

The content delivery network 720 may be configured to host a pluralityof different transaction user interfaces, and to provide specifictransaction user interfaces to transaction clients 730 upon request. Forexample, in some cases, a different transaction user interface may berequired for each different permutation of the sender location (e.g.,country, state, and/or region) and receiver location (e.g., country,state, and/or region). For instance, each individual country, state,region, or other geographic domain may impose a unique set of a ruleswith respect to different transaction types (e.g., value transfers) intoand out of the jurisdiction. Such rules may be determined as a matter ofpolicy by the jurisdiction, for example, compliance rules, riskassessment rules, etc. For instance, a first jurisdiction (e.g.,country) may require that all transfers initiated from the firstjurisdiction must require submission and analysis of certain specifiedsender and receiver information. Similarly, a second jurisdiction (e.g.,country) may require that all transfers to recipients within the secondjurisdiction may require certain specific user validations and apredetermined question/answer interaction session. In these examples, atransfer from a sender in the first country to a recipient in the secondcountry would therefore require a transaction user interface thatsatisfied both sets of location-specific rules and requirements (e.g.,the sender country outgoing requirements and the receiver countryincoming requirements). Thus, if the systems 700 is to support worldwidecross-border transactions (or at least a significant subset of worldwidecross-border transactions), then the system 700 may be required to embedand render within the host applications 731 hundreds or thousands ofdifferent transaction user interfaces in different scenarios.

Additionally, in certain embodiments, the transaction integrationframework 710 may support partner-specific transaction user interfaces,so that a sender-to-receiver transaction initiated from within a firsthost application (e.g., Host App #1) may have different rules andrestrictions, and may require different user input data and thus adifferent transaction user interfaces, from the exact samesender-to-receiver transaction initiated from within a second hostapplication (e.g., Host App #2). Thus, the support of partner-specifictransaction user interfaces, additionally or alternatively to senderlocation specific and receiver location specific transaction userinterfaces, may have a multiplying effect on the total number oftransaction user interfaces that potentially may be embedded andrendered within host applications 731. Moreover, in some cases,different transaction user interfaces may be required based fordifferent transaction types and subtypes (e.g., different payment typesand/or different amount ranges in money transfer transactions), whichmay have a further multiplying effect on the total number of transactionuser interfaces that potentially may be embedded and rendered withinhost applications 731.

Accordingly, as shown in this example, the transaction integrationframework 710 may use a content delivery network 720 to host and providelarge numbers of different transaction user interfaces. The contentdelivery network 720 may include a number of geographically dispersedsecure storage systems and computer servers configured to host, manage,and update a plurality of transaction user interfaces, and to providespecific transaction user interfaces in response to requests from clientdevices 730. In such examples, an authoring system 900 for transactionuser interfaces associated with the integration framework 710 may beimplemented to allow users to generate new transaction user interfacesfor new sender location-receiver location (and/or host application)permutations, and/or to update existing permutations of transaction userinterfaces based on different rules and data requirements imposed bysender jurisdictions, receiver jurisdictions, and/or host applicationdevelopers, etc. In some cases, each separate host application 731(and/or each partner host application developer) may have a differentassociated folder structures, etc., within the content delivery network720. After the transaction user interfaces are generated (or updated)via the authoring system 900, the integration framework 710 may transmitthe interfaces to the content delivery network 720. In some cases, theinterfaces may be stored as JSON files, and multiple versions of eachinterface may be generated and stored in different languages.

When a user on a transaction client device 730 initiates a transactionvia a host application, for example, by indicating that the user wantsto perform transaction and/or providing initial transaction senderand/or receiver data, the software component 732 integrated into thehost application 731 may transmit the indication and/or the initialtransaction data to the integration framework 710. As discussed below inmore detail, the integration framework 710 may determine sender andreceiver locations and/or other factors (e.g., host/partner identity,transaction type, etc.), and may use the location data and other factorsto determine the appropriate transaction user interface that should berendered to the user via the host application 731. The appropriatetransaction user interface may correspond to the senderlocation-receiver location permutation, and/or may comply with the otherrelevant factors, and thus may be include the necessary user interfacefields and interactive components necessary to satisfy the sender,receiver, and host application rules and requirements. After determiningthe appropriate transaction user interface, the integration framework710 may determine a particular server within the CDN 720 that is capableof providing the transaction user interface to the client device 730. Insome cases, the integration framework 710 may select the particular CDNserver based on geographic proximity to the client device 730.Additionally or alternatively, the integration framework 710 may selectthe particular CDN server based on factors such as current CDN serverload, the version and/or recency of the transaction user interface onthe particular CDN server, etc. After determining a particular CDNserver appropriate to provide the transaction user interface to theclient device 730, the integration framework 710 may transmit dataidentifying the CDN server and the transaction user interface (e.g., aURL hosted by the CDN server) to the integrated application 732 on theclient device 730.

In order to perform these features and the additional functionalitydescribes herein, the transaction integration framework 710 may beimplemented on a single computer server or a multiple different serversin collaboration, operating at one or more data centers/physicallocations. An example architecture and component diagram of thetransaction integration framework 710 is discussed below in reference toFIG. 8. Additionally, although the physical network components have notbeen shown in FIG. 7 so as not to obscure the other elements depicted,it should be understood that any of the network hardware components andnetwork architecture designs may be implemented in various embodimentsto support communication between the servers and devices in the system700. Additionally, different client devices 730 and CDN servers withinthe CDN 720 may use different networks and networks types to communicatewith each other and/or with the transaction integration framework 710,including one or more telecommunications networks, cable networks,satellite networks, cellular networks and other wireless networks, andcomputer-based IP networks, and the like. Further, certain componentswithin system 700 may include special purpose hardware devices and/orspecial purpose software, such as those included in I/O subsystemssystems, positioning systems, and storage and networking capabilities ofthe various client devices 710, as well as those within the processingengines, subcomponents, and data stores of the integration platform 710.

Further, in some embodiments, the integration framework and userinterface system 700 may be integrated within, or configured to operatein collaboration with, one or more electronic data transfer networks100. For example, system 700 may be the same as, or may operate withinor in collaboration with, any of the electronic data transfer network100 described above. Thus, specific examples of systems 700 may include,without limitation, secure systems for transferring value and othermedia of exchange, eCommerce systems, multi-entity systems forexchanging content resources (e.g., media files, educational andprofessional training content, gaming content, Internet content, etc.),and other electronic data transfer systems. In such cases, thetransaction integration framework 710 and its associated components,subsystems, and data stores may correspond to and may be implementedwithin a data management server 102 and/or a data store server 104, andtransaction client devices 730 may correspond to the client devices 106and/or external systems described above in reference to network 100.

Referring now to FIG. 8, an illustrative system architecture diagram isshown for the transaction integration framework 710, in accordance withcertain embodiments. In this example, the transaction integrationframework 710 includes a user interface framework 810, a caching andload balancing system 815, channel services 820, presentation servers830, and number of partner-specific integration services 840 a-840 bconfigured to communicate with host applications 731 via correspondingpartner application programming interfaces (APIs).

The user interface framework 810 includes a global CSS component,JavaScript frameworks, controllers, and services, which in collaborationare configured to create the location-specific and/or partner-specific(or host application-specific) transaction user interfaces. In someembodiments, the user interface framework 810 may implement a model andview object, using the JavaScript framework, to allow different userinterfaces to be rendered for specific customers and/or languages.

The caching and load balancing system 815 may provide caching on theserver 710. Channel services 820 and presentation servers 830 mayimplement the partner-specific APIs that manage the partner-specificinformation, such as host application data, rules, regulations, andintegration data particular to a specific partner. As used herein, the“partner” may include one or more entities associated with particularhost applications 731, such as the application developer or operatingentity. In some cases, multiple different host applications 731 may beassociated with a single partner having a common set of partner-specificuser interface rules, integration protocols, etc.

In some embodiments, a single instance of the channel services 820 andpresentation servers 830 may be executed. For example, a unique partneridentifier may be passed to the APIs of the channel services 820 andpresentation servers 830, and these APIs may return partner-specificdata (e.g., partner information, rules, etc.) stored in the partner datastore 850, which may be used to render the partner-specific userinterfaces. In contrast, the integration services 840 may bepartner-specific, so that each integration service 840 a or 840 b isconfigured separately to invoke the APIs of a specific partner only.Because different integration services 840 are directed to differentendpoints, a different instance may be executed for each integrationservice in some embodiments. As noted above, the partner data store 850may include various partner-specific information, such as profile data,transaction data, etc.

In further reference to FIG. 8, in some implementations, one or moremobile websites of transfer services providers may be developedspecifically to be accessed via end user applications 731, such associal networking applications, messaging applications, and the like. Insome cases, a mobile website (e.g., HTML 5) may be built to be accessedvia a link in an official account of a transfer services provider (e.g.,integration framework 710), via an end user application 731. Thesolution 732 may be hosted and managed by the transfer servicesprovider. The mobile website 732 interfaced to the end user application731 may be designed using the modern HTML5 stack. Such embodiments mayinclude several potential technical advantages, including with respectto screen design (e.g., support for creating and arranging the userinterface 732, the look and the behavior of application content), viewmanagement (e.g., structuring and managing the view machinery such asthe layout and interactivity of screen elements), data and codemanagement (e.g., updating the screen when the data changes, andupdating data when receiving input from the user), and communicatingwith the back-end and server-side.

As noted above, in some embodiments, the user interface framework 810may leverage the modern Model-View-Controller (MVC) architecturalpattern for writing the application for the transfer services provider.This proposed application may divide the user interface into threedistinct parts, helping to organize the codebase into logicalrepresentations of information depending upon their function. One goalof MVC in such solutions may be to clearly define the responsibilitiesof each piece of the application. Because every class (e.g., every file)has clearly defined responsibilities, they may implicitly becomeignorant of the larger environment—making the application easier totest, easier to maintain, and allowing code to be reused. Additionally,the such solutions may be designed on via the integration platform 710and may leverage the design principals of one or more web contentmanagement systems (e.g., the CQ5 platform architecture) for theextended transfer services via the messaging, social networking or otherhost application 731. Such solutions may provide the access to thefunctionality of transaction integration platform 710 (e.g., to initiateand request transfers and other transactions) within the nativemessaging application 731 or other host application 731.

In some cases, changes may be performed via the channel services 820.For example, in certain implementations, as transaction user interfaceflows and designs are changed, the user interface screens cannot bereused. In such embodiments, separate development and no reuse ofexisting front code development altogether may be enforced. However, insome embodiments, certain existing JavaScript libraries (e.g., ClientAPI and validations) may be reused. Further, in some cases, theapplication may support only phone form factors. For instance, theresponsive web page design may serve all IOS and ANDROID mobile devices,along with form and factors.

In various embodiments and implementations, specific technical designprinciples and specifications may be used, such as using a single codebased for all platforms, and reusing an R3 platform/architecture.Additionally, in some embodiments, the transaction data may be securedwithin the integrated software component 732, and communications betweenthe software component 732 and the integration framework 710 may besecured, so that it is not accessible by the social networking/messagingapplication.

Additionally, certain embodiments may support seamless integrationbetween the integrated component 732 and social networking applications,messaging applications, and other host applications 731, to provide abetter user experience. For example, a mobile communication hostapplication 731 may initially invoke an integrated mobile application732, passing a unique one time use code in a query parameter to thecallback URL. Next, the integrated mobile application 732 may call theappropriate integration service 840 via HTTPS/REST/POST, passing the onetime code. The integration service 840 then may call an API within thechannel services 820 and/or presentation services 830 viaHTTPS/REST/GET, passing the one time code, the Application ID, and a“secret.” The API may validate the information and return an multi-useaccess token which is valid for a only predetermined period of time(e.g., five minutes). The integration service 840 then may call an APIusing the access token and Application ID, where the API returnsinformation corresponding to the user of the host application 731, suchas the openID, nickname, and a URL of the user's associated avatarimage. This user information then may be returned to the integratedmobile site 732 via the integration service 840.

Referring now to FIG. 9, an illustrative system architecture diagram isshown for an authoring environment 900, in accordance with certainembodiments. The authoring environment 900 in this example may be usedto generate and/or modify particular transaction user interfaces via theintegration framework 710. In some implementations, the authoringenvironment 900 may correspond to, or may operate separately but incollaboration with, the user interface framework 810.

In this example, authoring environment 910 includes web contentmanagement system 911, and two JSON files 912-913 corresponding to atransaction user interface rendered in two different languages, anEnglish JSON file 912 and a Spanish JSON file 913. Additionally, theJavaScript framework 920 includes a cascading style sheet (CSS)component 921 that may be used to provide a theme the transaction userinterface. In some cases, the CSS 921 may apply a generic style guide toall transaction user interfaces, while additionally or alternatively,each transaction user interface may have its own associated stylesheet.The JavaScript component 922 may be configured to generate a JavaScriptwidget that may be wrapped by a publisher, and these build components921-922 along with templates 923 may be leveraged during the buildprocess 930 to support rapid content changes to existing userinterfaces.

Referring now to FIG. 10, a flow diagram is shown illustrating anexample process of generating and hosting a plurality of transactionuser interfaces. As described below, the steps in this process may beperformed by one or more components in the systems described above(e.g., system 700), such as a transaction integration framework 710 incommunication with one or more a content delivery network 720 and clientdevices 730. However, it should be understood that the various featuresand processes described herein, including designing and buildingtransaction user interfaces, and hosting the transaction user interfaces(e.g., via a standalone data store or a CDN), need not be limited to thespecific systems and hardware implementations described above in FIGS.1-9.

In steps 1001 and 1002, various systems/components within thetransaction integration framework 710 may receive location-based rules(step 1001) and/or partner-specific rules (step 1002) to be applied tosecure transactions supported by the framework 710. For example, asdiscussed above, individual jurisdictions (e.g., countries, states,and/or regions) may have requirements for certain transaction typesinitiated within their jurisdictions and/or directed to theirjurisdictions. For example, a first jurisdiction may require specificuser identification data, recipient data, transaction data, etc., whilea second jurisdiction may have different requirements for initiating thesame transaction. Different jurisdictions also may have differentrequirements with respect to user notifications (e.g., legaldisclaimers), authentication and identity verification techniques, etc.Moreover, a jurisdiction's requirements for a transaction initiated/sentfrom the jurisdiction may be different from the requirements for atransaction received in the jurisdiction.

In addition to the location-based rules received in step 1001, a numberof partner-specific rules may be received by the integration framework710 in step 1002. Partner-specific rules may include any rules similarto any of the location-based rules discussed above. However,partner-specific rules are associated with specific partners and/or hostapplications 731, rather than with specific jurisdictions. For instance,a first partner-specific rule may specify that any transactionsinitiated via a first host application 731 will require two-factorauthentication and a written user explanation for the transaction (to belogged), whereas a second partner-specific rule applicable to a secondhost application 731 may have entirely different rules/requirements. Inaddition to these examples, both location-based rules andpartner-specific rules may also include rules based on specifictransaction type, permissible times for initiating or completingtransactions, specific user/role requirements for initiating orcompleting transactions, transfer amount limits (e.g., in data or funds)for certain transaction types, and/or rules relating to specificresources that may/may not be transferred, etc.

In step 1003, the integration framework 710 may determine theappropriate user interface features/components for the particularcombination of the location-based rules and partner-specific rules.Thus, the set of features/components determined in step 1003 maycorrespond to a single transaction user interface that enforces a set oflocation-based rules (e.g., sender location rules and receiver locationrules) as well as set of partner-specific rules. Depending on thedifferent types of location-based rules, partner-specific rules, andvarious other rules that may be implemented by the integration framework710, the user interface components/features determined in step 1003 mayinclude content to be displayed to the user (e.g., notifications), datafields configured to receiver user input, interactive interfacecomponents used to verify/authenticate users, etc. These user interfacecomponents/features may be individual controls (e.g., dropdowns, textboxes, etc.), or may be entire pages of content. Thus, the resultingtransaction user interface may be single page interface, a multi-pageinterface, or a more complex interactive user application with multiplepages, different navigation paths, interactive controls, etc.

As discussed below, the transaction user interface resulting from thecomponents/features determined in step 1003 may be used in scenarioswhen the integration framework 710 determines that both theselocation-based rules and partner-specific rules apply. However, in otherscenarios, only the location-based rules may apply (e.g., if thetransaction is initiated from a separate host application), or only thepartner-specific rules may apply (e.g., if the transaction is initiatedfrom a separate jurisdiction). In other scenarios, neither of these setsof rules may apply, or different sets of rules may apply correspondingto the different sender and receiver locations and/or differentpartners. Accordingly, the steps in this example flow diagram may beperformed separately for each different permutation of the possiblesender locations and receiver locations. Further, when partner-specificrules are also supported (and/or any other categories of rules describedabove), the steps in this example flow diagram may be performedseparately for each different permutation of all of the possible valuesfor each variable (e.g., sender location, receiver location, partner,transaction type, time, etc.).

In step 1004, a transaction user interface is built (or updated from aprevious version) to incorporate the user interface components andfeatures determined in step 1003. Various different techniques may beused to build and/or update the user interface in step 1004, anddifferent formats of user interface may be used in differentembodiments. For example, in some cases, the user interface framework810 and/or authoring environment system 900, described above, may beused to build the user interface in step 1004. However, other buildtechniques and/or different user interface format may be used in otherexamples. In some cases, the step 1004 may include the generation ofmultiple different user interface data objects or files corresponding todifferent languages. In certain cases, the languages designated for theuser interface(s) created in step 1004 may be determined based on thesender location and/or receiver location associated with thelocation-based rules received in step 1001. For instance, when a set oflocation-based rules is received governing transfers from the UnitedStates to China, the integration platform 710 may determine that atransaction user interface should be generated in English, Spanish, andChinese, whereas when a set of location-based rules is receivedgoverning transfers from China to France, the integration platform 710may determine that a transaction user interface need not be generated inEnglish or Spanish.

In step 1005, the integration platform 710 may determine an expirationtime/date associated with the transaction user interface generated instep 1004. As discussed below, the expiration time may be enforced bythe content delivery network 720 to ensure that expired and staleversions of particular transaction user interfaces will not be providedto client devices 730. In some embodiments, an expiration time for thetransaction user interface (e.g., one hour, one day, one month, etc.)may be assigned by default in some embodiments. In other cases, theexpiration times for transaction user interfaces may be determined basedon input received from the associated jurisdictions of the sender andreceiver locations, or based on data received from the host application731. For example, for application security and data integrity reasons, ajurisdiction or a partner may desire a shorter expiration time, whereasin other example, for application performance reasons, the jurisdictionor partner may desire a longer expiration time.

In step 1006, the transaction user interface generated in step 1004 isprovided to one or more CDNs 720, along with the associated expirationtime/date determined in step 1005. As noted above, CDN 720 may include anetwork of geographically dispersed secure storage systems and computerservers configured to host, manage, and update transaction userinterfaces. Transmitting the transaction user interface to the CDN 720may result in the user interface file and/or data objects being storedand replicated on multiple different data centers within the CDN 720.

Referring now to FIG. 11, a flow diagram is shown illustrating anexample process of determining and providing a particular transactionuser interface to a client device, in response to the initiation of atransaction by a user. As described below, the steps in this process maybe performed by one or more components in the systems described above(e.g., system 700), such as a transaction integration framework 710 incommunication with one or more a content delivery network 720 and clientdevices 730. However, it should be understood that the various featuresand processes described herein, including determining a particulartransaction user interface and a particular CDN server, need not belimited to the specific systems and hardware implementations describedabove in FIGS. 1-9.

In step 1101, the integration framework 710 may receive a transmissionof initial transaction data from an integrated software component 732executing on a client device 730. As discussed above, the integratedsoftware component 732 may be associated with (and/or executed within)an end user host application 731, such as a messaging application 731, asocial networking application 731, a gaming application 731, etc. Thehost applications 731 in these examples may be configured to support oneor more types of transactions (e.g., secure data transfers, fundstransfers, etc.) by invoking the integrated software component 732 inresponse to an indication from the user that the user would like toperform a transaction. For instance, in an embodiment where secure,cross-border, user-to-user funds transfers are supported by a hostapplication 731, the host application 731 may provide a user-selectablecomponent (e.g., a clickable button or icon) that causes the integratedsoftware component 732 to be invoked.

When the host application 731 invokes the integrated software component732, it may pass the integrated software component 732 various initialtransaction information, including data identifying the sender in thetransaction (e.g., which may be assumed to be the current user of thehost application 731), and/or data identifying the receiver in thetransaction (e.g., which may be assumed to be the user that the currentuser is interacting with in the host application 731 at the time theintegrated software component 732 is first invoked). Depending on theinformation available to the host application, the sender and receiverdata may include, for example, user identifiers, email addresses, names,phone numbers, etc. In some cases, the host application 731 might not beconfigured to or able to determine the intended sender and/or intendedrecipient(s) for a transaction, and thus may render an initial genericuser interface to receive input from the user regarding the sender andreceiver of the proposed transaction. Additionally, in some embodiments,the host application 731 may provide the integrated software component732 with additional data beyond sender and receiver identifying data,such as the type of transaction to be initiated (e.g., based on theparticular user-selectable component selected by the user, when multiplecomponents and transaction types are available), data identifying thehost application (or partner), the current location data of the mobileclient device 730, the current network and IP address of the mobileclient device 730, and/or other application session data, etc.

In some embodiments, the integrated software component 732 may receive aunique identifier associated with the current user of the hostapplication 731, and may transmit the unique identifier to theintegration platform to perform a single-sign-on for the user,seamlessly and without any additional input required from the user.

In step 1102, the integration framework 710 may determine the locationsassociated with the sender and receiver in the transaction, based on thedata received from the integrated software component 732 in step 1101.In some cases, the integrated software component 732 may itselfdetermine the sender location (e.g., based on the location of the clientdevice 730) and/or the recipient location (e.g., based on user data ofthe host application 731). In other cases, the integration framework 710may retrieve the sender and receiver locations from a data store (e.g.,850) data based on email addresses, names, phone numbers, IP addresses,or the other data provided by the integrated software component 732.

In some embodiments, the locations determined (or received) in step 1102may correspond to the current locations of the transaction sender andreceiver, while in other cases the locations may correspond to thecurrent locations of the resources being transferred. For example, auser currently in Country A may initiate a funds transfer from anaccount at a financial institution in Country B, or a transfer of securedata files from a data center in Country B. In these case, theapplicable transaction compliance rules may be those of Country B, andthus the integration framework 710 would identify the country of theresources to be transferred, not the current country of the user.However, in other cases, the current physical jurisdiction of the useralso may invoke certain location-based sender rules, instead of or inaddition to the location-based sender rules associated with thejurisdiction of the resources to be transferred. Similar techniques maybe performed to determine the relevant recipient location(s).

Although this example relates to sender and receiver location data only,in other examples, the integration framework 710 may identify additionaldata in step 1102 that may be relevant for determining the transactionuser interface. For instance, as discussed above, the particular partnerand/or host application 731 may have partner-specific and/or hostapplication-specific rules or requirements for the transaction that mayaffect which transaction user interface should be selected. Additionalrules or requirements for the transaction also may be associated withspecific times, transaction types, transfer amounts, and/or othertransaction information. Thus, in such cases, the integration framework710 may determine this additional data in step 1102.

Further, although this example is discussed with reference to a singlesender and a single receiver, the integration framework 710 may supportone-to-many, many-to-one, and many-to-many transactions as well. Forsuch transactions, the integration framework 710 may determine thelocation data, amount data, and/or other relevant transaction data, forall senders and receivers, so that the user interface(s) selected orgenerated for the these transactions complies with all applicablelocation-based rules from all of the various sender and receiverjurisdictions.

In step 1103, the integration framework 710 may determine a particularuser interface that should be used for submitting transaction requests,based on the sender and receiver location data (and any other relevantdata) determined in step 1102. As discussed above, a differenttransaction user interface may be required for each differentpermutation of sender locations and receiver locations. Additionally, insome cases, particular partners, host applications, and othertransaction data determined in step 1102 also may be factors indetermining the transaction user interface(s) to be used.

In step 1104, the integration framework 710 may determine a serverwithin the content delivery network 720 to serve the particulartransaction user interface to the client device 730. When the particulartransaction user interface is stored on multiple different serverswithin the CDN 720, the integration framework 710 may use one or morecriteria for selecting a particular CDN server. For example, whenmultiple CDN servers that host the particular transaction user interfaceare geographically dispersed, the integration framework 710 may selectthe CDN server that is closest geographically to the client device 730to serve the transaction user interface. In other examples, theintegration framework 710 may select a CDN server from a plurality ofCDN servers based on the current processing and/or network capacities ofthe CDN servers. In still other examples, the particular version,timestamp, and/or recency of the particular transaction user interfacemay be used to select a CDN server to serve the transaction userinterface. Any combination and various different weightings of the abovefactors may be used to select the particular server of the CDN 720 instep 1104.

In step 1105, the integration server 710 may transmit data identifyingthe particular transaction user interface, and the CDN server selectedto serve the transaction user interface, to the client device 730. Insome embodiments, the integration server 710 may construct and transmita Uniform Resource Locator (URL) to the integrated software component732. The URL may be constructed using a domain name corresponding to theselected CDN server and a filename corresponding to the address of theparticular transaction user interface at that CDN server, in order todirect the client device 730 to the appropriate user interface files.

Referring now to FIG. 12, a swim lane diagram is shown illustrating anexample process of hosting transaction user interfaces, providingparticular transaction user interfaces to client devices, and supportingtransaction requests initiated using the particular transaction userinterfaces. As shown in the figure, the steps in this process may beperformed by one or more components in the systems described above(e.g., system 700), such as a transaction integration framework 710 incommunication with a server of a content delivery network 720, and amobile transaction client device 730. However, it should be understoodthat the various features and processes described herein, includingdetermining a particular transaction user interface and a particular CDNserver, need not be limited to the specific systems and hardwareimplementations described above in FIGS. 1-9.

In step 1201, the integration framework 710 transmits one or moretransaction user interfaces to the CDN server for storage. Step 1201 maybe similar or identical to step 1006 discussed above.

In step 1202, the integration framework 710 receives initial transactiondata from a mobile transaction client 730, indicating that theintegrated component 732 for performing secure transactions has beeninvoked via the host application 731. In step 1203, the integrationframework 710 responds with a link to a particular transaction userinterface hosted by the CDN server, where the integration framework 710has selected the particular transaction user interface based on theinitial transaction data received from the mobile client device 730(e.g., sender and receiver identity data, location data, partner data,etc.). In step 1204, the mobile client device 730 uses the link toattempt to retrieve the particular transaction user interface from theCDN server. Thus, steps 1202-1204 may be similar to steps 1101-1105discussed above.

However, in step 1205, rather than the CDN server returning thetransaction user interface to the mobile client 730, the CDN serverreturns an error. In some embodiments, the CDN server may return anerror if the version of a requested transaction user interface hasexpired, or if the CDN server has learned that there is an updatedversion of the transaction user interface. In other examples, the errorin step 1205 may be returned due to the unavailability of resources atthe CDN server, a network failure, corrupt file, etc. Therefore, in step1206, the mobile client 730 may request the transaction user interfacedirectly from the integration framework 710, in response to receivingthe error from the CDN server. In other examples, the mobile client 730may request the transaction user interface from a different CDN server,or may request an updated link from the integration framework 710.However, in this example, the mobile client 730 requests the transactionuser interface file(s) directly from the integration framework 710. Instep 1207, the integration framework 710 responds by regenerating (ifnecessary) and then transmitting the updated version of the transactionuser interface directly to the mobile client 730. In step 1208, theintegration framework 710 also transmits the updated version of thetransaction user interface to the CDN server.

After the mobile client 730, and specifically the integrated softwarecomponent 732, receives the particular transaction user interface, theintegrated component 732 may render the transaction user interfacewithin the host application 731. As discussed above, even though thetransaction user interface may be rendered by the integrated softwarecomponent 732, rather than by the host application 731 itself, thetransaction user interface may still be rendered in the sameuser-specific look and feel. For instance, either when receiving theinitial transaction data, or at a later time before rendering theinterface, the integrated software component 732 may receive from thehost application 731 certain user-specific look and feel information,such as the user's preferred background color and theme, the user'sscreen name, and a URL to the user's avatar within the host application731, etc. Using this information, the integrated software component 732may render the transaction user interface to mimic the user's specificlook and feel when interacting with the host application 731.

The user then may complete the particular transaction user interface,which has been rendered by the integrated software component 732 withinthe host application 731. In step 1209, after the user completes theparticular transaction user interface, the integrated software component732 of the mobile client 730 may construct and transmit a completedtransaction request (e.g., all of the information provided by the userinto the transaction user interface) to the integration framework 710.In step 1210, the integration framework 710 may receive and process thecompleted transaction request using the core transaction systems 740,and may transmit a transaction response back to the integrated softwarecomponent 732 for display to the user via the within the hostapplication 731.

Finally, because transaction request data is received from the user bythe integrated software component 732, and the transaction response datais output to the user by the integrated software component 732, ratherthan by the host application 731 itself, the integrated softwarecomponent 732 may be configured to protect confidential user data and/ortransaction data from the host application 731. For example, in someembodiments, the transaction request and response data transmitted insteps 1209 and 1210 may be completely obscured from the host application731, thereby allowing secure transactions to be performed from withinthe host application 731 without exposing secure data to an unsecurehost application 731.

In the foregoing description, for the purposes of illustration, methodswere described in a particular order. It should be appreciated that inalternate embodiments, the methods may be performed in a different orderthan that described. It should also be appreciated that the methodsdescribed above may be performed by hardware components or may beembodied in sequences of machine-executable instructions, which may beused to cause a machine, such as a general-purpose or special-purposeprocessor or logic circuits programmed with the instructions to performthe methods. These machine-executable instructions may be stored on oneor more machine readable mediums, such as CD-ROMs or other type ofoptical disks, floppy diskettes, ROMs, RAMs, EPROMs, EEPROMs, magneticor optical cards, flash memory, or other types of machine-readablemediums suitable for storing electronic instructions. Alternatively, themethods may be performed by a combination of hardware and software.

While illustrative and presently preferred embodiments of the inventionhave been described in detail herein, it is to be understood that theinventive concepts may be otherwise variously embodied and employed, andthat the appended claims are intended to be construed to include suchvariations, except as limited by the prior art.

1. A system comprising: one or more processing devices; and memorycoupled with the one or more processing devices and configured to storeinstructions that, when executed by the one or more processing devices,cause the one or more processing devices to perform operationscomprising: processing specifications for a first set of rules receivedfrom a first system that is remote from the one or more processingdevices, the first set of rules to be applied to one or more securetransactions supported by a transaction user interface; processingtransaction sender data and transaction receiver data received from atransaction client device; using the specifications for the first set ofrules, determining a first set of interface components as a function ofthe first set of rules to create a first transaction user interface;configuring the first transaction user interface with the set ofinterface components interface components as a function of the first setof rules to create the first transaction user interface; determining afirst expiration time associated with the first transaction userinterface; determining a first content delivery network server of aplurality of content delivery options, the plurality of content deliveryoptions comprising a second content delivery network server that isdistinct from the first content delivery network server and that isassociated with a prior version of the first transaction user interface,where the prior version is not valid according to the first set ofrules, and the first transaction user interface is valid according tothe first set of rules; and transmitting data associated with the firsttransaction user interface to the first content delivery network serverto facilitate the first transaction user interface to the transactionclient device.
 2. The system as recited in claim 1, where the firstexpiration time associated with the first transaction user interface isdetermined based at least in part on the specifications for the firstset of rules received from the first system that is remote from the oneor more processing devices.
 3. The system as recited in claim 2, wherethe transmitting the data associated with the first transaction userinterface to the first content delivery network server to facilitate thefirst transaction user interface to the transaction client devicecomprises specifying the first expiration time for the first contentdelivery network server to enforce.
 4. The system as recited in claim 3,where, after the first expiration time, the first content deliverynetwork server does not facilitate the first transaction user interfaceto the transaction client device.
 5. The system as recited in claim 4,the operations comprising: processing specifications for a second set ofrules received from a second system that is remote from the one or moreprocessing devices, where the second set of rules is different from thefirst set of rules, and the second system is different from the firstsystem; processing second transaction sender data and second transactionreceiver data received from a second transaction client device; usingthe specifications for the second set of rules, determining a second setof interface components as a function of the second set of rules tocreate a second transaction user interface, where the second set ofinterface components is different from the first set of interfacecomponents; and configuring a second transaction user interface with thesecond set of interface components interface components as a function ofthe second set of rules to create the second transaction user interface.6. The system as recited in claim 5, the operations comprising:determining a second expiration time associated with the secondtransaction user interface, where second expiration time is differentfrom the first expiration time; determining a third content deliverynetwork server of the plurality of content delivery options; andtransmitting second data associated with the second transaction userinterface to the third content delivery network server to facilitate thesecond transaction user interface to the transaction client device or asecond transaction client device.
 7. The system as recited in claim 6,where one or both of the first transaction user interface and the secondtransaction user interface corresponds to a single-transaction userinterface.
 8. One or more non-transitory, processor-readable mediastoring computer-executable instructions that, when executed by one ormore processing devices, cause the one or more processing devices toperform operations comprising: processing specifications for a first setof rules received from a first system that is remote from the one ormore processing devices, the first set of rules to be applied to one ormore secure transactions supported by a transaction user interface;processing transaction sender data and transaction receiver datareceived from a transaction client device; using the specifications forthe first set of rules, determining a first set of interface componentsas a function of the first set of rules to create a first transactionuser interface; configuring the first transaction user interface withthe set of interface components interface components as a function ofthe first set of rules to create the first transaction user interface;determining a first expiration time associated with the firsttransaction user interface; determining a first content delivery networkserver of a plurality of content delivery options, the plurality ofcontent delivery options comprising a second content delivery networkserver that is distinct from the first content delivery network serverand that is associated with a prior version of the first transactionuser interface, where the prior version is not valid according to thefirst set of rules, and the first transaction user interface is validaccording to the first set of rules; and transmitting data associatedwith the first transaction user interface to the first content deliverynetwork server to facilitate the first transaction user interface to thetransaction client device.
 9. The one or more non-transitory,processor-readable media as recited in claim 8, where the firstexpiration time associated with the first transaction user interface isdetermined based at least in part on the specifications for the firstset of rules received from the first system that is remote from the oneor more processing devices.
 10. The one or more non-transitory,processor-readable media as recited in claim 9, where the transmittingthe data associated with the first transaction user interface to thefirst content delivery network server to facilitate the firsttransaction user interface to the transaction client device comprisesspecifying the first expiration time for the first content deliverynetwork server to enforce.
 11. The one or more non-transitory,processor-readable media as recited in claim 10, where, after the firstexpiration time, the first content delivery network server does notfacilitate the first transaction user interface to the transactionclient device.
 12. The one or more non-transitory, processor-readablemedia as recited in claim 11, the operations comprising: processingspecifications for a second set of rules received from a second systemthat is remote from the one or more processing devices, where the secondset of rules is different from the first set of rules, and the secondsystem is different from the first system; processing second transactionsender data and second transaction receiver data received from a secondtransaction client device; using the specifications for the second setof rules, determining a second set of interface components as a functionof the second set of rules to create a second transaction userinterface, where the second set of interface components is differentfrom the first set of interface components; and configuring a secondtransaction user interface with the second set of interface componentsinterface components as a function of the second set of rules to createthe second transaction user interface.
 13. The one or morenon-transitory, processor-readable media as recited in claim 12, theoperations comprising: determining a second expiration time associatedwith the second transaction user interface, where second expiration timeis different from the first expiration time; determining a third contentdelivery network server of the plurality of content delivery options;and transmitting second data associated with the second transaction userinterface to the third content delivery network server to facilitate thesecond transaction user interface to the transaction client device or asecond transaction client device.
 14. The one or more non-transitory,processor-readable media as recited in claim 13, where one or both ofthe first transaction user interface and the second transaction userinterface corresponds to a single-transaction user interface.
 15. Amethod comprising: receiving specifications for a first set of rulesfrom a first system that is remote from the one or more processingdevices, the first set of rules to be applied to one or more securetransactions supported by a transaction user interface; receiving from atransaction client device, transaction sender data and transactionreceiver data; using the specifications for the first set of rules,determining a first set of interface components as a function of thefirst set of rules to create a first transaction user interface;configuring the first transaction user interface with the set ofinterface components interface components as a function of the first setof rules to create the first transaction user interface; determining afirst expiration time associated with the first transaction userinterface; determining a first content delivery network server of aplurality of content delivery options, the plurality of content deliveryoptions comprising a second content delivery network server that isdistinct from the first content delivery network server and that isassociated with a prior version of the first transaction user interface,where the prior version is not valid according to the first set ofrules, and the first transaction user interface is valid according tothe first set of rules; and transmitting data associated with the firsttransaction user interface to the first content delivery network serverto facilitate the first transaction user interface to the transactionclient device.
 16. The method as recited in claim 15, where the firstexpiration time associated with the first transaction user interface isdetermined based at least in part on the specifications for the firstset of rules received from the first system that is remote from the oneor more processing devices.
 17. The method as recited in claim 16, wherethe transmitting the data associated with the first transaction userinterface to the first content delivery network server to facilitate thefirst transaction user interface to the transaction client devicecomprises specifying the first expiration time for the first contentdelivery network server to enforce.
 18. The method as recited in claim17, where, after the first expiration time, the first content deliverynetwork server does not facilitate the first transaction user interfaceto the transaction client device.
 19. The method as recited in claim 18,the operations comprising: receiving specifications for a second set ofrules from a second system that is remote from the one or moreprocessing devices, where the second set of rules is different from thefirst set of rules, and the second system is different from the firstsystem; receiving, from a second transaction client device, secondtransaction sender data and second transaction receiver data; using thespecifications for the second set of rules, determining a second set ofinterface components as a function of the second set of rules to createa second transaction user interface, where the second set of interfacecomponents is different from the first set of interface components; andconfiguring a second transaction user interface with the second set ofinterface components interface components as a function of the secondset of rules to create the second transaction user interface.
 20. Themethod as recited in claim 19, the operations comprising: determining asecond expiration time associated with the second transaction userinterface, where second expiration time is different from the firstexpiration time; determining a third content delivery network server ofthe plurality of content delivery options; and transmitting second dataassociated with the second transaction user interface to the thirdcontent delivery network server to facilitate the second transactionuser interface to the transaction client device or a second transactionclient device.